I am not having any luck.   When I get to step 5 (engine-setup), the "PKI organization" still has the old domainname???

          --== CONFIGURATION PREVIEW ==--
         
          Update Firewall                         : False
          Host FQDN                               : bacchus.xxxcentral.com
          Engine database secured connection      : False
          Engine database host                    : localhost
          Engine database user name               : engine
          Engine database name                    : engine
          Engine database port                    : 5432
          Engine database host name validation    : False
          DWH database secured connection         : False
          DWH database host                       : localhost
          DWH database user name                  : ovirt_engine_history
          DWH database name                       : ovirt_engine_history
          DWH database port                       : 5432
          DWH database host name validation       : False
          Engine installation                     : True
          PKI organization                        : xxxportal.com
          DWH installation                        : True
          Backup DWH database                     : True
          Engine Host FQDN                        : bacchus.xxxcentral.com
          Configure VMConsole Proxy               : False
          Configure WebSocket Proxy               : False


On Sun, Jul 10, 2016 at 2:27 AM, Yedidyah Bar David <didi@redhat.com> wrote:
On Sat, Jul 9, 2016 at 2:35 AM, Paul Dyer <pmdyermms@gmail.com> wrote:
> Hi,
>
> back in 2015, with the first install of ovirt, I used a domain of
> xxxportal.com.   Since the client has an xxxcentral.com wildcard
> certificate, I added changed the hostname and domainname, and added the
> cert/cacert to the apache webpage.
>
> The pki on ovirt and vdsm (host) both still have the original xxxportal.com
> domain.   I am looking for a way to wipe away the old domain.
>
> Do I need to remove the host (not hosted engine), drop the
> datacenter/cluster, and build from a clean db?

Basically yes. See also:

https://www.ovirt.org/documentation/how-to/networking/changing-engine-hostname/

If you have lots of data in your engine (hosts, VMs etc), you might manage to
keep most of it by something like this, didn't try that:

1. Shutdown all VMs and move all hosts to maintenance
2. Stop ovirt-engine service
3. mv /etc/pki/ovirt-engine /etc/pki/ovirt-engine-backup-before-recreation
4. yum reinstall ovirt-engine-backend, or copy back from above backup
only these, without the files they hold (for directories), but keep
owner/permissions:
cacert.template.in  certs  cert.template.in  keys  openssl.conf
private  requests
5. engine-setup
It will notice pki is removed and recreate it for you
You might need to change admin password because it's encrypted with engine's key
6. Connect to web admin, and per host:
6.1. Right click -> Enroll Certificate
6.2. You might need Right-Click -> Reinstall
6.3. Activate

This should be enough, more-or-less. You might want, just in case,
before step 6,
to connect to all hosts and remove stuff under /etc/pki, but I didn't check
what exactly.

Best,
--
Didi



--
Paul Dyer,
Mercury Consulting Group, RHCE
504-302-8750